Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get data from a Rest API in Splunk 6.3?

hierros
Explorer
‎10-05-2015 02:53 PM

I am trying to get data from a Rest Site. Splunk 6.3 no longer has the modular input that handles it. I went through the documentation on http event collector, but I don't see how it can get data from a rest site. Does anyone know how to get data from a rest site?

0 Karma
Reply

gblock_splunk
Splunk Employee
Splunk Employee
‎11-03-2015 07:48 PM

Hi @hierros what do you mean by from a rest site? The HTTP Event Collector is not part of the REST Management endpoint, but it is an API that you can hit just the same.

What problem are you having?

Thanks

0 Karma
Reply

frobinson_splun
Splunk Employee
Splunk Employee
‎10-05-2015 04:57 PM

Hi @hierros,

As a general suggestion, here is some documentation on REST API input endpoints:
http://docs.splunk.com/Documentation/Splunk/6.3.0/RESTREF/RESTinput

What modular input were you using previously? We can discuss more specifics, if you don't find what you need in the above documentation.

All the best,
@frobinson_splunk

Reply

hierros
Explorer
‎10-07-2015 11:18 AM

I am an intern at Kaiser and new to Splunk. I have never used modular input before. I was tasked with data intake from a Rest API and really looking for a solution. The document seem to be similar to how http event collector works. Do you know if http event collector can get data from a Rest API?

0 Karma
Reply

frobinson_splun
Splunk Employee
Splunk Employee
‎10-07-2015 02:45 PM

Hi @hierros,
I discussed your question with a colleague and you can use HTTP Event Collector to get data via REST. You'll want to make sure that the data coming from the endpoint is sent or repackaged in JSON format in order to use Event Collector. You might write a script that gets the data and packages it in JSON. As part of Event Collector, use a token and make sure your Splunk instance is listening on the Event Collector port, using that token.

Please refer to the HTTP Event Collector documentation for more details on getting started.
http://dev.splunk.com/view/event-collector/SP-CAAAE6M

I hope that this helps! Please let us know if not. It's also an option to contact support for more guidance.

All the best,
@frobinson_splunk

Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...